i was trying to unpack a malware packed with vmprotect, by writing a script i was able to generate a cfg and found 2 lines instruction
which is like jumping to a thousand locations
although i think it should be the dispatcher, but i was generating cfg for just first 500000 instructions, so does vm protect virtualizes its own code also? and it is the dispatcher? or it is just a cfg obfuscation implementation?
if any one wants i can post the image of the cfg, but its too large!!